Hack Hall of Shame: September 2015


September brought news of yet another insurance breach as it was revealed that the details of over 10 million people were compromised in an attack on Excellus BlueCross BlueShield. September wasn’t a good month for Apple because, just after the KeyRaider attack on jailbroken iPhones was announced, developers showed they were able to sneak weaponized apps into the App Store, affecting all kinds of iPhones.

Count down with us the top hacks, attacks and vulnerabilities of September 2015.

Over 10 million insurance accounts compromised

The first week of September brought with it news of a hack on New York health insurer Excellus BlueCross BlueShield. On September 9, it was revealed that over 10 million members were possibly affected by the breach (3.5 million of whom are served by Excellus’ affiliate, Lifetime Healthcare Companies). According to Reuters, upon further investigation, it was discovered that the initial hack occurred back in December 2013.

Personal data stolen from Lloyds Bank

On September 10, it was reported that thousands of Lloyds Bank customers had their personal details compromised after a data box was stolen. The incident happened on July 30, when the data box was stolen from a Royal Sun Alliance Insurance data room. According to reports, only those who opened their accounts between 2006 and 2012 and who subsequently made a claim on an insurance policy were affected.

DDoS attack on UK Police

The UK’s National Crime Agency website was taken down on September 1, with Lizard Squad claiming responsibility. The attack was likely a reaction to the arrest of six teenagers who used Lizard Stresser, a DDoS attack tool developed by the Lizard Squad. The group announced the attack through their Twitter account but the tweet has since been removed.

200 million WhatsApp web app users at risk

Security firm Check Point revealed that a bug in WhatsApp’s web extension could give hackers remote control of a user’s computer, and all the attacker would need is the user’s phone number. The software vulnerability puts at risk 200 million users of the web app, who may be tricked into downloading malware on their PCs.

XcodeGhost erodes Apple’s security clout

When it comes to security, September was not a good month for Apple. At the start of the month, Palo Alto Networks released a report detailing a new form of iOS malware that seems to affect only jailbroken iPhones. A few weeks later, there was yet another dent in Apple’s security ecosystem when the same security specialists, Palo Alto Networks, revealed XcodeGhost, a trojanized version of Xcode, Apple’s application development software. XcodeGhost modifies Xcode and infects apps, which are then uploaded to the App Store. A total of 39 iOS apps were infected, including WeChat, possibly affecting hundreds of millions of users.

Remember Stagefright?

The Android Stagefright vulnerabilities were only disclosed a few months back. Since then, patches have been released by Google and other vendors, while Zimperium, the firm that documented the vulnerabilities, also created an app to help users establish whether their devices were at risk. In September, Zimperium published an exploit for one of the most critical vulnerabilities and said it was tested on a Nexus device running Android 4.0.4. Now, recent reports are saying Stagefright is back, but this time around it mostly affects Android 5.0 Lollipop and later.

Card breach at Hilton Hotel franchise in the US

Several banks noticed patterns in credit card fraud suggesting that hackers might have compromised point-of-sale registers in Hilton Hotel shops and restaurants. Brian Krebs wrote on his security blog that “in August, Visa sent confidential alerts to numerous financial institutions warning of a breach at a brick-and-mortar entity that is known to have extended from April 21, 2015 to July 27, 2015.” Hilton said they are currently investigating the claims.

More ransomware, this time on Android

A new type of ransomware is locking out victims by changing the lock screen PIN on their Android devices. Lockerpin.A overlays a bogus patch install, and when the continue button is clicked, users give the app admin privileges. From there, it resets the PIN and locks the user out of their device. A note then follows the lock, urging the user to pay the ransom in order to be given back access to the phone.

Losing at poker? There might be a reason for that

Odlanor is malware that targeted users of Full Tilt Poker and PokerStars by taking screenshots of their games, giving an unfair advantage to the hacker, who then joins the same session knowing what cards the victim’s hand contains. The spyware is installed through a variety of poker-related software and, according to ESET, the malware has been in the wild since March of this year.

About the Author: Melanie Hart

Melanie is the Lead Content Editor at GFI Software. An eager blogger, fiery tweeter, and avid reader, Melanie is a self-confessed geek who finds solace in online FPS games. She is also an opinion writer and blogger for The Times of Malta.